Security Advisor

Microsoft's Security Essentials Fails Antivirus Cert Test…Again

This time Microsoft is speaking out against negative marks issued by AV-Test.

If the headline looks familiar, it's because I reported in December that Microsft's free antivirus program, Microsoft Security Essentials, failed when AV-Test, a German security firm that specializes in evaluating antivirus software, put it through the wringer.

Apparently, Microsoft was not fazed by the report, and did little to help its score. Case in point: AV-Test is back again with another test and Microsoft's Security Essentials continues to be slacking off.

In the recent test, which was conducted over the month of December, Microsoft's antivirus was only able to protect 78 percent of zero-day malware attacks. While this is a slight improvement over the last test (in which Security Essentials only blocked 71 percent), it falls well short of the industry average of 92 percent.

While Microsoft was quiet when I wrote about November's test in December, it's been very vocal this time around, claiming that AV-Test's methodology is flawed. And it's main argument was that the average Security Essentials user does not encounter the same type of malware that AV-Test used during its evaluation.

"Our review showed that 0.0033 percent of our Microsoft Security Essentials and Microsoft Forefront Endpoint Protection customers were impacted by malware samples not detected during the test," wrote Joe Blackbird, program manager for Microsoft Malware Protection Center, in a blog post. "In addition, 94 percent of the malware samples not detected during the test didn't impact our customers."

According to Microsoft's own testing, Security Essentials blocked a near-perfect 99.997 percent of zero-day attacks. While there could be questions concerning the validity of testing your own products, Microsoft's data is based off of real-world results.

Honestly, I'm a bit puzzled why Microsoft even responded to the AV-Test analysis in the first place. Its Security Essentials is the king of the mountain when it comes to market share (26.7 percent of North America, according to OPSWAT, so it obviously has the support of its customers.

And readers of this blog shared that same sentiment with me. When it comes to Microsoft, Redmond magazine readers have no objection to being overly critical of the company. However, you guys really like Security Essentials.

Dan from Iowa also provided some great insight on why that is, and why an antivirus shouldn't be measured based solely on its ability to block zero-day attacks:

"What's missing from the antivirus testing mentioned above is a measurement on stability. AV needs to work well as a background process. The reason MSE does so well is not because some testing firm found it detected this vulnerability that something else did not detect. The reason is because it is far more stable than most other anti-virus systems out there. Not surprisingly, if your testing doesn't involve actually having to support production services, things like Avast and Symantec can score well. However, in the real world, it has to run for weeks at a time without crashing your systems, and that is where MSE seems to shine over many of the other options."

What say you? Is Dan right in that Security Essentials shines due to its integration? And do you use third-party testing firms' data when choosing software? Share your answers below or with me at

About the Author

Chris Paoli is the site producer for and

comments powered by Disqus

Reader Comments:

Fri, Feb 8, 2013 Jim S

The details of the testing methodology make me think that this test leaves much to be desired. "To create a fair testing environment, each product was installed on a clean Windows XP Professional target system. The operating system was updated with Windows XP Service Pack 3 (SP3), although no later patches or updates were applied. We test with Windows XP SP3 and Internet Explorer 7 due to the high prevalence of internet threats that work with this combination. The prevalence of these threats suggests that there are many systems with this level of patching currently connected to the internet. " Really? Our XP machines are kept up to date and use IE8, not 7. I think Microsoft might have a point about the real world versus these tests.

Mon, Jan 28, 2013 Dan Phoenix, Az

My friend purchased a new computer, so he gave me his old. We removed all personal files, removed all existing antivirus programs with no protection what so ever, afterwards; we surf the web; we visit; porn, scam, etc.; We intentionally accumulate as much junk as we can, and after that we download antivirus programs one by one. (Free & free trial version only). We tested at least a dozen of them. Our test represents the real-world situation. Our conclusion: MSE is the overall best.

Mon, Jan 28, 2013 A Europe

I do IT for living and I have worked with many AVs but Microsoft products shine with being small, very simple, being effective, they do not interrupt people for no reason and they do work. They do not advertise but they are no.1 according to Opswat. And the business products are very cheap, too.I have seen many real world cases where even Windows Defender in Windows 7 does the job better than Norton, what about MSE. Many people love it but they don't post in forums or blogs. It just works. I don't mind if BitDefender, AVIRA or other programs score higher in stupid non-real world tests - Microsoft programs never produce false positive alarms. And as Dan from Iowa says- when you have to support certain systems - MSE will do it. Trying to fix a false positive (often caused by some other products) is a nightmare - almost as serious as an infestion can be.

Sun, Jan 27, 2013 Josh Ohio

MSE does well, and its integration with Windows is paramount to its success, but I find that it fails to catch viruses being written to IE temporary storage locations in the C:\Users section of the filesystem. It will identify them after they've been placed there, but not intercept them in the process. What's the point? Furthermore, I've had cases where it reports on viruses that I simply cannot find manually through Windows Explorer, even with hidden files viewable, among other things. No matter the perspective, it would benefit any vendor, including Microsoft to consider there is always room for improvement in their product.

Fri, Jan 25, 2013 LaVelle W. TN

I must say the I just deleted Defender Pro 15 in 1 and downloaded Microsoft Security Essentials two days ago and I am VERY, VERY PLEASED to say that it detected four Malware attacks against Java and deleted them, gave me an explicit definition of what they were and what causes them. It gave me instructions on deleting my old contaminated Java and showed me how to download a New Java. My computer was running very slow, crashing, and freezing before. Now for two days it has been running very smooth and is so fast. I love it! I'm not sure what others are complaining about~~ Microsoft security Essentials is "GREAT". THANKS FOR ALLOWING ME TO SET THIS RECORD STRAIGHT.

Thu, Jan 24, 2013 Dan Canada

Got rid of BitDefender which was constantly annoying my computer to go with MSSE and it's been excellent. It's like it's not there until it tells me there's a problem which is not often. It's not perfect, nothing is, but I like it just fine.

Wed, Jan 23, 2013 George Los Angeles

Symantec Endpoint 11.0.7 DID NOT detect 4 malware's on my girlfriends computer (including two Java exploits). MSE did and helped me remediate that system, 'Nuff said......

Wed, Jan 23, 2013

It's not EOL. Is now integrated into Defender in Win8.

Wed, Jan 23, 2013 Steven Waterloo, ON

Been using it for years and recommending it to private clients. Just wish it was not end of life. Can not install it on Windows 8.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.